Redirect anonymous users away

It makes no sense to let anonymous users interact with the admin pages so tighten up access and redirect away users that have no rights. Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
author: Simo Sorce <simo@redhat.com> 2014-10-03 13:24:37 -0400
committer: Patrick Uiterwijk <puiterwijk@redhat.com> 2014-10-06 20:55:19 +0200
commit: 73eeae98716c0e25f31cdb2c347c1939525d6ef7 (patch)
tree: 30b781a4c03dc5f2819256fd0ec7f37ac08e3833
parent: 086bb2e420fbf4f0fe7fd0ec4667737c063f2e0e (diff)
download: ipsilon-73eeae98716c0e25f31cdb2c347c1939525d6ef7.tar.gz
ipsilon-73eeae98716c0e25f31cdb2c347c1939525d6ef7.tar.xz
ipsilon-73eeae98716c0e25f31cdb2c347c1939525d6ef7.zip
5 files changed, 24 insertions, 3 deletions
diff --git a/ipsilon/admin/common.py b/ipsilon/admin/common.py
index 85bd5fd..b8572e3 100755
--- a/ipsilon/admin/common.py
+++ b/ipsilon/admin/common.py
@@ -19,7 +19,7 @@
 
 import cherrypy
 from ipsilon.util.page import Page
-from ipsilon.util.page import admin_protect
+from ipsilon.util.page import admin_protect, auth_protect
 
 
 class AdminPluginPage(Page):
@@ -110,6 +110,7 @@ class Admin(Page):
         self.url = '%s/%s' % (self.basepath, mount)
         self.menu = []
 
+    @auth_protect
     def root(self, *args, **kwargs):
         return self._template('admin/index.html',
                               title='Configuration',
diff --git a/ipsilon/admin/info.py b/ipsilon/admin/info.py
index 4154339..8e910c7 100755
--- a/ipsilon/admin/info.py
+++ b/ipsilon/admin/info.py
@@ -4,7 +4,7 @@
 
 import cherrypy
 from ipsilon.util.page import Page
-from ipsilon.util.page import admin_protect
+from ipsilon.util.page import admin_protect, auth_protect
 from ipsilon.util.plugin import PluginObject
 from ipsilon.admin.common import AdminPluginPage
 from ipsilon.info.common import FACILITY
@@ -112,9 +112,11 @@ class InfoPlugins(Page):
                               enabled=ordered,
                               menu=self._master.menu)
 
+    @auth_protect
     def root(self, *args, **kwargs):
         return self.root_with_msg()
 
+    @admin_protect
     def enable(self, plugin):
         msg = None
         plugins = self._site[FACILITY]
@@ -128,6 +130,7 @@ class InfoPlugins(Page):
         return self.root_with_msg(msg, "success")
     enable.exposed = True
 
+    @admin_protect
     def disable(self, plugin):
         msg = None
         plugins = self._site[FACILITY]
diff --git a/ipsilon/admin/login.py b/ipsilon/admin/login.py
index bb79f90..16489f1 100755
--- a/ipsilon/admin/login.py
+++ b/ipsilon/admin/login.py
@@ -19,7 +19,7 @@
 
 import cherrypy
 from ipsilon.util.page import Page
-from ipsilon.util.page import admin_protect
+from ipsilon.util.page import admin_protect, auth_protect
 from ipsilon.util.plugin import PluginObject
 from ipsilon.admin.common import AdminPluginPage
 from ipsilon.login.common import FACILITY
@@ -144,9 +144,11 @@ class LoginPlugins(Page):
                               enabled=ordered,
                               menu=self._master.menu)
 
+    @auth_protect
     def root(self, *args, **kwargs):
         return self.root_with_msg()
 
+    @admin_protect
     def enable(self, plugin):
         msg = None
         plugins = self._site[FACILITY]
@@ -161,6 +163,7 @@ class LoginPlugins(Page):
         return self.root_with_msg(msg, "success")
     enable.exposed = True
 
+    @admin_protect
     def disable(self, plugin):
         msg = None
         plugins = self._site[FACILITY]
diff --git a/ipsilon/admin/providers.py b/ipsilon/admin/providers.py
index ba5e1e7..8219880 100755
--- a/ipsilon/admin/providers.py
+++ b/ipsilon/admin/providers.py
@@ -20,6 +20,7 @@
 
 import cherrypy
 from ipsilon.util.page import Page
+from ipsilon.util.page import admin_protect, auth_protect
 from ipsilon.providers.common import FACILITY
 from ipsilon.admin.common import AdminPluginPage
 
@@ -56,9 +57,11 @@ class ProviderPlugins(Page):
                               enabled=enabled_plugins,
                               menu=self._master.menu)
 
+    @auth_protect
     def root(self, *args, **kwargs):
         return self.root_with_msg()
 
+    @admin_protect
     def enable(self, plugin):
         msg = None
         plugins = self._site[FACILITY]
@@ -72,6 +75,7 @@ class ProviderPlugins(Page):
         return self.root_with_msg(msg, "success")
     enable.exposed = True
 
+    @admin_protect
     def disable(self, plugin):
         msg = None
         plugins = self._site[FACILITY]
diff --git a/ipsilon/util/page.py b/ipsilon/util/page.py
index 10f10aa..aa075de 100755
--- a/ipsilon/util/page.py
+++ b/ipsilon/util/page.py
@@ -34,6 +34,16 @@ def admin_protect(fn):
     return check
 
 
+def auth_protect(fn):
+    def check(self, *args, **kwargs):
+        if UserSession().get_user().is_anonymous:
+            raise cherrypy.HTTPRedirect(self.basepath)
+        else:
+            return fn(self, *args, **kwargs)
+
+    return check
+
+
 class Page(Log):
     def __init__(self, site, form=False):
         if 'template_env' not in site:
author	Simo Sorce <simo@redhat.com>	2014-10-03 13:24:37 -0400
committer	Patrick Uiterwijk <puiterwijk@redhat.com>	2014-10-06 20:55:19 +0200
commit	73eeae98716c0e25f31cdb2c347c1939525d6ef7 (patch)
tree	30b781a4c03dc5f2819256fd0ec7f37ac08e3833
parent	086bb2e420fbf4f0fe7fd0ec4667737c063f2e0e (diff)
download	ipsilon-73eeae98716c0e25f31cdb2c347c1939525d6ef7.tar.gz ipsilon-73eeae98716c0e25f31cdb2c347c1939525d6ef7.tar.xz ipsilon-73eeae98716c0e25f31cdb2c347c1939525d6ef7.zip